VOIP over Private VPN

[bazlit]

I have a system with an IPO 403 one end and a 406 the other
trying to get 5 calls working over the vpn, i have cisco 1751 routers at each end with the following set up (see router extract)

we are getting calls that people cant hear each other at the other IPO (internal IPO to IPO calls)

my DSCP set to 46 in the IPO's and using G.729(a)8k codec

The Carrier has confirmed QOS is setup on their side and the Voice Class isnt dropping any packets

Any ideas where to start?




!!!!Router config extract!!!!!
ip cef
!
class-map match-any Business
match ip precedence 3
match access-group name telnet
match access-group name h323
match access-group name 5900
class-map match-any Voice
match ip precedence 5
match access-group name rtp
!
policy-map PNb+v
description Private Network Business Plus Voice
class Voice
priority percent 30
set precedence 5
class Business
bandwidth percent 46
random-detect
random-detect exponential-weighting-constant 6
set precedence 1
class class-default
bandwidth percent 19
random-detect
random-detect exponential-weighting-constant 6
set precedence 0
!
interface ATM0/0
no ip address
no atm ilmi-keepalive
dsl equipment-type CPE
dsl operating-mode GSHDSL symmetric annex B dsl linerate AUTO !
interface ATM0/0.1 point-to-point
ip address 10.248.3.54 255.255.255.252
pvc 1/35
vbr-nrt 512 512
tx-ring-limit 3
oam-pvc manage
encapsulation aal5snap
max-reserved-bandwidth 95
service-policy output PNb+v

 

[Morrack]

I'm not a router guy, but I believe on all cisco equipment (or is it just PIX firewalls?) that you have to disable something called h.323 packet inspection... do a search on this thread and you should find what you need it's been posted here before.

Peter

 

[mikev80]

i've had similar symptoms before and it turned out to be a routing issue. Make sure all your routers and ipo's have static routes to each subnet. My scenario was that one site can ring the other site, but when the user picks up there's no communication. It turned out one of the routers was missing an ip route back to one of the subnets.

 

[bazlit]

the calls work most of the time, but sometimes the a or b party cant hear the other, the dafault route is set to the router at each site, which are both cisco 1751 routers running ip plus 12.3

i have seen the same h.323 inspection problem on netscreens firewalls but believe its not the issue here as there are only routers and not pix firewalls.

still pondering

 

[Nokarro]

class-map match-any Voice
match ip precedence 5
match access-group name rtp

and the extract from access-group rtp ?
Do you match it on DSCP values and do you do RTP Header compression ? as well as the RTP port range differs between Avaya and Cisco.

 

[bazlit]

The Shdsl network we use doesnt support header compression, i have also just checked the config and havent matched anything to the RTP group, should i add

!
ip access-list extended rtp
remark RTP (VoIP) classification
permit udp any range 16384 32767 any range 16384 32767
!
ip access-list extended h323
remark Typical H.323 Signalling classifications
permit tcp any any eq 1503
permit tcp any any eq 1718
permit tcp any any eq 1719
permit tcp any any eq 1720
permit tcp any any eq 1731
permit tcp any eq 1503 any
permit tcp any eq 1718 any
permit tcp any eq 1719 any
permit tcp any eq 1720 any
permit tcp any eq 1731 any
!

i have also done some tests in regards to MTU, if my ping is larger than 1470 in size then it doesnt get thru, if the IPO is running a MTU of 1500 then would this cause issues?

 

[bazlit]

RTP - just been testing with our carrier and it seems the cisco is recognising the IPO setting packets with an ip precendence of 5 and handling them correctly without defining the RTP group.
The Carrier however doesnt support RTP header compression and shows the calls at 28000bps which seems about right from all the doco i have read, with RTPHC it can go as low as 11k, but as SHDSL is a layer 3 network its a bit difficult as the carrier has to support it as well, with frame relay its a layer 2 network so like having a end to end pipe where you can run your own settings independent of the carrier.

 

[dencom]

I haven't run a config like you do but the very first time I used 4602 IP Phones in combination with Cisco Router the MTU size was the problem. I could make calls but most of the time there was no voice path. The moment I set the 4602 to not the QOS, the problem was gone. Per default the Cisco doesn't allow big MTU. I assume when you config the cisco for H323 use, it should deal with different MTU sizes, then again with Cisco, like Avaya, you never know.

Good luck..

 

[bazlit]

Funny thing pings of 1500 from router to router work fine, but as the ciscos are plugged into the Lan ports on the IPO as well as the VM server being plugged in there as well, if you ping the local router the IPO will fragment data traffic, apparently the IPO does this so QOS for voice can do its stuff. (this would be accounted for by the IPO tagging the packets with a TOS thus reducing the payload of the packets.)
have ended up setting the ciscos to half/100mb in a effort to get rid of errors that were comming up.
hopefully will have a full guidline document for a SHDSL/IPO VOIP install after all this

 

[bazlit]

anyone know what IP Precedence of 5 in a cisco works out to be on the DSCP settings/mask in the IPO?

 

[IPGuru]

I could be wrong but i believe that this matchges the IPO default of 46

 

[4650]

why can't you use auto qos voip command instead this? we just got 1760 and I typed this command and router was set. I didn't test yet but it should work just fine.

George

 

[bazlit]

Thanks IPGuru i also found an interesting article on Cisco's web late last night

46(dec) is 101110 in binary which decodes to

the first 3 bits
101 = CRITIC/ECP = Precedence 5

the last 3
Bit 3 = Delay [D] (0 = Normal; 1 = Low)

Bit 4 = Throughput [T] (0 = Normal; 1 = High)

Bit 5 = Reliability [R] (0 = Normal; 1 = High)

see Document ID: 10103 Cisco's web